CVE-2023-3943

10.0 CRITICAL
Published: May 21, 2024 Modified: April 15, 2026
View on NVD

Description

Stack-based Buffer Overflow vulnerability in ZkTeco-based OEM devices allows, in some cases, the execution of arbitrary code. Due to the lack of protection mechanisms such as stack canaries and PIE, it is possible to successfully execute code even under restrictive conditions. This issue affects ZkTeco-based OEM devices (ZkTeco ProFace X, Smartec ST-FR043, Smartec ST-FR041ME and possibly others) with firmware ZAM170-NF-1.8.25-7354-Ver1.0.0 and possibly others.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

CVSS v3.x Details

0.0 Low Medium High Critical 10.0
Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-006.md
Source: vulnerability@kaspersky.com
https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-006.md
Source: af854a3a-2127-422b-91ae-364da2661108

2 reference(s) from NVD

Quick Stats

CVSS v3 Score
10.0 / 10.0
EPSS (Exploit Probability)
0.6%
69th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-121

Related CVEs

CVE-2026-41113 8.1
CVE-2026-40308 N/A
CVE-2026-40249 N/A
CVE-2026-40248 N/A
CVE-2026-40247 N/A